When a user desire to access a secured service or app (for instance, via a website or app program), s/he often is required to register for the service or app. During registration, the user selects, creates, or is otherwise provided with one or more user credentials that serve to identify the user. Upon accessing the service or app on occasions subsequent to the initial registration, the user is authenticated to the service or app by providing the user credentials that verify his/her identity. This type of registration generally is referred to as single-factor authentication as the user is required to authenticate to the service or app utilizing a single factor—“something that the user knows” (i.e., the password that was selected, created, or otherwise provided upon registration).
While single-factor authentication is sufficient for certain objectives, deceitful users employing a little creativity and knowledge of the user, may be able to guess the user credentials and fraudulently utilize the service or app via the user's registered account. Accordingly, a stronger authentication often is desired. Authentication based on two factors (generally referred to as “two-factor authentication”) commonly is considered in the art to be a “strong” authentication. Potential authentication factors include “something the user knows” (for instance, a user-generated password), “something the user has” (for instance, a smart card) and “something the user is” (for instance, biometric properties specific to the user). Traditional two-factor authentication instructs a user, at a login form (for instance, at a text box having fields for receiving alpha-numeric input) to enter user credentials (e.g., a user name and password) selected, created or otherwise provided at registration as the first authentication factor (as described above). However, with two-factor authentication, after verifying his or her identity utilizing the first factor, the user is transmitted a code (e.g., a numeric code) via email, Short Messaging Service (SMS), or the like. The user generally then is required to manually input the code into the login form. This code transmission and entering process represents the second authentication factor.
While more secure than single-factor authentication, this above-described process is cumbersome for users, particularly those with physical disabilities that render manual input of textual information difficult. Further, the above-described process requires extensive manual user intervention each time the user seeks to authenticate to the service or app. Still further, once both factors are authenticated to the service or app, the service or app may remain in an accessed state leaving the service or app vulnerable to opportunistic fraudulent users that attempt to access the user's computing device, for instance, when the user steps away without shutting down or otherwise rendering dormant, the service or app.